From 879cc78d7255986609fbb1ddb1340dea08fb37ab Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=A5=D0=B0=D0=BB=D1=82=D0=BE=D0=B1=D0=B8=D0=BD=20=D0=95?= =?UTF-8?q?=D0=B2=D0=B3=D0=B5=D0=BD=D0=B8=D0=B9?=
Date: Mon, 27 Jan 2025 08:46:34 +0300
Subject: [PATCH 1/2] updated to KC2
---
 Dockerfile.micord | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile.micord b/Dockerfile.micord
index 8507186..17a3662 100644
--- a/Dockerfile.micord
+++ b/Dockerfile.micord
@@ -1,4 +1,4 @@
-ARG BUILDER_IMAGE=repo.micord.ru/alt/alt-cprocsp:c10f1-5.0.13000-20241129
+ARG BUILDER_IMAGE=repo.micord.ru/alt/alt-cprocsp-kc2:c10f1-5.0.13000-20250124
 ARG RUNTIME_IMAGE=registry.altlinux.org/basealt/altsp:c10f1
 FROM ${BUILDER_IMAGE} AS builder
From baf5792031526ff979781327e226a65724f3b0ed Mon Sep 17 00:00:00 2001
From: Pavel Zilke
Date: Thu, 6 Feb 2025 13:18:01 +0300
Subject: [PATCH 2/2] DEVOPS-1922
---
 Dockerfile.micord | 22 ++++++++++++++--------
 entrypoint.sh | 20 +++++++++++++-------
 2 files changed, 27 insertions(+), 15 deletions(-)
diff --git a/Dockerfile.micord b/Dockerfile.micord
index 17a3662..09f0521 100644
--- a/Dockerfile.micord
+++ b/Dockerfile.micord
@@ -1,5 +1,6 @@
 ARG BUILDER_IMAGE=repo.micord.ru/alt/alt-cprocsp-kc2:c10f1-5.0.13000-20250124
 ARG RUNTIME_IMAGE=registry.altlinux.org/basealt/altsp:c10f1
+ARG RUNTIME_USER=ervu
 FROM ${BUILDER_IMAGE} AS builder
@@ -30,17 +31,19 @@ RUN mkdir -p .build \
 FROM ${RUNTIME_IMAGE}
 ENV TZ=Europe/Moscow
+ARG RUNTIME_USER
+ENV RUNTIME_USER=$RUNTIME_USER
 COPY entrypoint.sh /entrypoint.sh
 RUN apt-get update \
- && apt-get -y install glib2 libfcgi libjson-glib libuuid \
+ && apt-get -y install glib2 libfcgi libjson-glib libuuid su startup \
 && apt-get clean \
 && rm -f /var/cache/apt/*.bin \
 && rm -f /var/lib/apt/lists/update* \
 && chmod +x /entrypoint.sh \
- && groupadd --system --gid 500 ervu \
- && adduser --system --no-create-home --uid 500 --gid 500 ervu
+ && groupadd --system --gid 500 $RUNTIME_USER \
+ && adduser --system --no-create-home --uid 500 --gid 500 $RUNTIME_USER
 COPY --from=builder /usr/lib/locale/ru_RU.utf8 /usr/lib/locale/ru_RU.utf8
 COPY --from=builder /etc/opt/cprocsp /etc/opt/cprocsp
@@ -52,15 +55,18 @@ COPY --from=builder /build/.build/ervu-sign-module /opt/ervu-sign-module/ervu-si
 EXPOSE 9009
-COPY --chown=ervu:ervu conf/cacerts /cacerts
-COPY --chown=ervu:ervu conf/certs /certs
+COPY --chown=$RUNTIME_USER:$RUNTIME_USER conf/cacerts /cacerts
+COPY --chown=$RUNTIME_USER:$RUNTIME_USER conf/certs /certs
+
 RUN echo "Installing CA certificates" \
+ && /opt/cprocsp/sbin/amd64/cryptsrv \
 && find /cacerts -regex ".*\.\(cer\|crt\)$" -exec /opt/cprocsp/bin/amd64/certmgr -install -store mRoot -file {} \;
-USER ervu
-
 RUN echo "Installing certificates" \
- && find /certs -regex ".*\.\(cer\|crt\)$" -exec /opt/cprocsp/bin/amd64/certmgr -install -file {} \;
+ && /opt/cprocsp/sbin/amd64/cryptsrv \
+ && su -c 'find /certs -regex ".*\.\(cer\|crt\)$" -exec /opt/cprocsp/bin/amd64/certmgr -install -file {} \;' $RUNTIME_USER
+
+#USER ervu
 ENTRYPOINT ["/entrypoint.sh"]
diff --git a/entrypoint.sh b/entrypoint.sh
index dd2c6eb..f40af3d 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
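Review bot: `ENV RUNTIME_USER=$RUNTIME_USER` makes the account name overridable at container start, while the only account the image contains is the one `groupadd`/`adduser` create in this hunk for the build-time value. entrypoint.sh (last hunk of this patch) takes its `su` target from that variable without checking it, and when the variable is empty the unquoted `$username` disappears from `su - -c '…' $username`, leaving `su` with no user argument so it defaults to root. I would have the script fail early with `username=${RUNTIME_USER:?RUNTIME_USER is not set}`, quote `"$username"` in every `su` call, and add a comment above the `ENV` line such as `# read by entrypoint.sh as the su target; must match the account created below`.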
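Review bot: With `USER ervu` removed and kept only as the commented-out `#USER ervu`, the final stage has no USER instruction, so unless the base image sets one the container starts as root and the only privilege drop left is the `su` calls in entrypoint.sh. That is a weaker default than before: a platform that enforces non-root containers would reject the image, and everything the script does before reaching `su` runs with full privileges. If root is needed only to start `cryptsrv` (my reading of the patch, it is not stated), replace the dead line with a comment that says so, e.g. `# no USER: entrypoint.sh starts cryptsrv as root, then runs the service via su as $RUNTIME_USER`. Both `RUN` steps also launch `cryptsrv` during the build; a process started in a `RUN` does not outlive its layer, so it is worth checking that it leaves no pid or socket files behind in the image.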
@@ -1,19 +1,25 @@
 #!/bin/bash
-username=$(whoami)
+username=$RUNTIME_USER
+
+set -e
+echo "Starting cryptsrv"
+/opt/cprocsp/sbin/amd64/cryptsrv
+echo $?
+set +e
 if [ ! -d /var/opt/cprocsp/keys/$username ]; then
 mkdir -m 700 /var/opt/cprocsp/keys/$username
- cp -r ~/keys/* /var/opt/cprocsp/keys/$username/
+ cp -r /home/$username/keys/* /var/opt/cprocsp/keys/$username/
 chown -R $username:$username /var/opt/cprocsp/keys/$username
 fi
-/opt/cprocsp/bin/amd64/csptest -absorb -certs -autoprov
+su - -c '/opt/cprocsp/bin/amd64/csptest -absorb -certs -autoprov' $username
 echo "Installing CA certificates"
-find ~/cacerts -regex ".*\.\(cer\|crt\)$" -exec /opt/cprocsp/bin/amd64/certmgr -install -store uCA -file {} \;
+su - -c 'find ~/cacerts -regex ".*\.\(cer\|crt\)$" -exec /opt/cprocsp/bin/amd64/certmgr -install -store uCA -file {} \;' $username
-echo "Installing certificates" \
-find ~/certs -regex ".*\.\(cer\|crt\)$" -exec /opt/cprocsp/bin/amd64/certmgr -install -file {} \;
+echo "Installing certificates"
+su - -c 'find ~/certs -regex ".*\.\(cer\|crt\)$" -exec /opt/cprocsp/bin/amd64/certmgr -install -file {} \;' $username
-/opt/ervu-sign-module/ervu-sign-module
+su - -c '/opt/ervu-sign-module/ervu-sign-module' $username
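Review bot: The last line starts the service as a child of the script, so bash remains PID 1 with `su` between it and the module, and a stop signal sent to the container is delivered to bash, which presumably does not pass it on. `exec su - -c '/opt/ervu-sign-module/ervu-sign-module' "$username"` at least takes the shell out of that chain. `su -` also opens a login shell, which normally resets the environment, so settings passed to the container with `-e` may no longer reach the module; that needs confirming against how the module is configured. Two smaller points in the cryptsrv block: `echo $?` under `set -e` can only ever print 0 and can go, and because `set +e` follows, a failed key copy or `certmgr` install is not noticed before the service starts.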